The Data Protection Commission (DPC) has published its 2023 Annual Report, highlighting a record year with DPC fines accounting for 87% of all GDPR fines issued across the EU. A busy year for the DPC also saw a 20% increase in reported personal data breaches as Helen Dixon steps down after 10 years in
Continue Reading Ireland: DPC Issues Record 87% of EU GDPR Fines in 2023; Breach Reports Increase by 20%Enforcement
UK: How much will I get fined if I don’t comply?
Following the threat of significantly larger penalties since 2018 (the enhanced fines under the General Data Protection Regulation as compared to the legislation that went before), companies have asked us time and time again, “what is my financial risk for data protection non-compliance in the UK?”
The publication of the Information Commissioner Office’s new fining…
Continue Reading UK: How much will I get fined if I don’t comply?CJEU ruling clarifies data protection and e-privacy issues in the ad-tech space
Introduction
Identifiability; what can amount to personal data; and joint controllership are some of the issues addressed by the Court of Justice of the European Union (CJEU) in its recent judgment in the IAB Europe case (C-604/22). This case concerned the use of personal data for online advertising purposes and the use…
Continue Reading CJEU ruling clarifies data protection and e-privacy issues in the ad-tech spaceUK: Enforcement Against the Use of Biometrics in the Workplace
The ICO has issued an enforcement notice which provides valuable insights into its approach to the use of biometrics in the workplace, and the lawfulness of employee monitoring activities more broadly.
On 23 February 2024, the Information Commissioner’s Office (“ICO”) ordered Serco Leisure Operating Limited (“Serco”), an operator of leisure facilities, to stop using facial…
Continue Reading UK: Enforcement Against the Use of Biometrics in the WorkplaceCalifornia Attorney General Settles with DoorDash over Alleged Sale of Personal Information
Overview
On February 21, 2024, the California Attorney General (CA AG) announced that it had reached a settlement with DoorDash over allegations that the company failed to comply with “sale” requirements under the California Consumer Privacy Act (CCPA) and disclosure requirements under the California Online Privacy Protection Act (CalOPPA). The settlement requires DoorDash to pay…
Continue Reading California Attorney General Settles with DoorDash over Alleged Sale of Personal InformationNETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial
On 27 July 2022, the highest administrative court in the Netherlands, published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR.
It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning…
Continue Reading NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial